We've discussed multiple times the massive unsubstantiated hype
around the concept of "cyberwar"
, which mostly has been led by former government officials who are seriously cashing in
on the hype. Yet, every time we mention this, we get people insisting that we just don't know the "real story" and the "threat" is really big. But we keep waiting for some evidence to support that theory.
Seymour Hersh, over at the New Yorker, who tends to be the
most connected reporter around when it comes to getting the inside scoop on what's happening in the US military, has a (typically) long and worth reading analysis of the whole "cyberwar" concept
that effectively agrees with exactly what we've been saying all along: it's totally hyped up beyond reality, in an effort to build the reputations of a few people and to cash in on a trend. People on all sides of the issue all seemed to point out to Hersh that "cyberwar" is blowing things out of proportion. There's plenty of espionage
going on, but that's quite different (and a lot less sexy when it comes to trying to make money).
But what's even scarier than the people seeking to get money is the way the Defense Department has been using this to try to basically take control of the whole "cyber defense" aspect. Back in August, we discussed how there was this ongoing fight between the Defense Department (military) and Homeland Security (civilian) to manage the "cyber" threats
, with the Defense Department basically using its experience in being incompetent to argue that it knows better.
And, as you look at the details, the Defense Department isn't just looking at "cyber defense," it keeps on making the argument that part of "cyber defense" is also "securing" private networks and usage. Jerry Brito, over at the Tech Liberation Front, just had a post questioning whether or not the military
should have a role in civilian cybersecurity, and Hersh's long article gives plenty of reasons why it absolutely should not.
Multiple people note that one of the best ways to make various networks and systems more secure from espionage attacks is to increase (or even mandate) widespread encryption. That would certainly make things more difficult for espionage. But the NSA (part of the Defense Department) doesn't want that because that makes it much harder to spy on people. In fact, the very same NSA has been pushing the feds to put in place a mandatory backdoor to any encryption
so that it can keep on spying.
But, of course, any such backdoor can (and absolutely will) be used by those trying to spy from elsewhere as well. So when you put the NSA in charge of "cyber security," it seems to focus on using that mandate to actually improve its ability to spy on everyone (including on domestic soil), rather than actually doing stuff related to actual "cyber security." We've had various pieces of similar stories over the past few months, but Hersh does a great job pulling it all together in a way that makes it pretty clear that this whole thing is a huge boondoggle for most of the players. The ex-gov't officials screaming "cyberwar" are making tons of cash, while the Defense Department and the NSA are using all that hype to gain more control over the internet and the ability to spy on people -- but not necessarily to make anyone more secure.